A Timeline of SKT's Data Breach: What Happened and How It Impacted South Korea's Telco Giant
In April, South Korea's telco giant SK Telecom (SKT) was hit by a cyberattack that led to the theft of personal data on approximately 23 million customers, equivalent to almost half of the country's 52 million residents. At a National Assembly hearing in Seoul on Thursday, SKT chief executive Young-sang Ryu said about 250,000 users have switched to a different telecom provider following the data breach. He said he expects this number to reach 2.5 million, more than tenfold the current amount, if the company waives cancellation fees.
The company could lose up to $5 billion (around ₩7 trillion) over the next three years if it decides not to charge cancellation fees for users who want to cancel their contract early, Ryu said at the hearing. “SK Telecom considers this incident the most severe security breach in the company's history and is putting forth our utmost effort to minimize any damage to our customers,” a spokesperson at SKT told TechCrunch in an emailed statement.
A joint investigation involving both public and private entities is currently underway to identify the specific cause of the incident. The Personal Information Protection Committee (PIPC) of South Korea announced on Thursday that 25 different types of personal information, including mobile phone numbers and unique identifiers (IMSI numbers), as well as USIM authentication keys and other USIM data, had been exfiltrated from SKT's central database, known as its home subscriber server.
The compromised data can put customers at greater risk of SIM swapping attacks and government surveillance. Since its official announcement of the incident on April 22, SKT has been offering SIM card protection and free SIM card replacements to prevent further damage to its customers.
A Detailed Timeline of SKT's Data Breach
SKT detected abnormal activities on April 18 at 11:20 p.m. local time. SKT found unusual logs and signs of files having been deleted on equipment that the company uses for monitoring and managing billing information for its customers, including data usage and call durations.
SKT identified a data breach on April 19 in its home subscriber server in Seoul, which typically houses subscriber information, including authentication, authorization, location, and mobility details. SKT reported the cyberattack incident to Korea's cybersecurity agency.
SKT confirmed on its website that it had detected suspicious activity indicating a “potential” data breach involving some information related to users' USIM data. SKT began replacing the mobile SIM cards of 23 million users, but the company has faced shortages in obtaining sufficient USIM cards to fulfill its promise to provide free SIM card replacements.
Impact on Users and Cancellation Fees
About 250,000 users have switched to another telecom provider following the breach, according to the company's chief executive at a National Assembly hearing. South Korean authorities announced that 25 types of personal information were leaked from the company's databases during the cyberattack.
SKT is currently assessing how to handle the cancellation fees for users affected by the data breach incident. The company has offered SIM card protection and free SIM card replacements to prevent further damage to its customers, but it remains unclear whether it will waive cancellation fees for affected users.
The Investigation and Response
A joint investigation involving both public and private entities is currently underway to identify the specific cause of the incident. The Personal Information Protection Committee (PIPC) of South Korea announced on Thursday that 25 different types of personal information had been exfiltrated from SKT's central database, known as its home subscriber server.
The compromised data can put customers at greater risk of SIM swapping attacks and government surveillance. SKT has offered SIM card protection and free SIM card replacements to prevent further damage to its customers.